Worked as red team member within the Swedish national information security exercise NISÖ 2018 hosted by MSB. The exercise aimed to strengthen society’s ability to handle national IT-related crises, primarily by developing the ability for cooperation and coordination between private and public actors in designated sectors. Before the excersice we designed and planed escalating scenarios that should be trained and during the excersice red team executed and adjusted the scenarios in realtime.

More information about the exercise and MSB

https://www.msb.se/sv/publikationer/niso-2018–erfarenhetsrapport/

The Swedish Civil Contingencies Agency (MSB) is responsible for issues concerning civil protection, public safety, emergency management and civil defence as long as no other authority has responsibility. Responsibility refers to measures taken before, during and after an emergency or crisis.

NISÖ 2018 tested the ability to handle IT-related societal disruptions
On 14 – 15 February, MSB conducted the national information security exercise NISÖ 2018. It is the third exercise in a series where the latest exercise was arranged in 2012. This time, more than 200 people from 26 different organizations practiced together at the Regiment in Enköping.

The purpose of the exercise was to give private and public actors the opportunity to practice together, and thereby strengthen society’s overall ability to deal with IT-related societal disruptions, when the actors need to quickly coordinate in order to take relevant measures.

The scenario covered critical dependencies in the energy, transport, information and communication sectors, and healthcare.

For two days, the participants were trained to identify and analyze events, produce a situation picture and share it with others. This took place at the same time as measures were coordinated that were necessary to be able to ensure society’s ability to handle serious IT incidents. To succeed in that work required a concerted effort and broad cooperation between the actors.

MSB has been commissioned by the government to take certain measures to prepare for the implementation of the NIS directive. The exercise’s focus on information and cyber security and its connection to society’s functionality is very much in line with the EU’s NIS directive.

The directive will be implemented in Swedish law on 10 May and through this, explicit requirements will be introduced for systematic information security work, IT incident reporting and supervision for actors who provide socially important services.